EnglishFrenchSpanish

OnWorks favicon

tlsdate - Online in the Cloud

Run tlsdate in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command tlsdate that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


tlsdate - secure parasitic rdate replacement

SYNOPSIS


tlsdate [-hnvVstlw] [-H [hostname]] [-p [port]] [-P [sslv23|sslv3|tlsv1]] [--certdir
[dirname]] [-x [--proxy] proxy-type://proxyhost:proxyport]

DESCRIPTION


tlsdate is a tool for setting the system clock by hand or by communication with the
network. It does not set the Real Time Clock. It is designed to be as secure as TLS (RFC
2246) but of course the security of TLS is often reduced to whichever CA racket you
believe is trustworthy. By default, tlsdate trusts your local CA root store - so any of
these companies could assist in a MITM attack against you and you'd be screwed.

This tool is designed to be run by hand or as a system daemon. It must be run as root or
otherwise have the proper caps; it will not be able to set the system time without running
as root or another privileged user.

OPTIONS


-h | --help
Print the help message

-s | --skip-verification
Skip certificate verification

-H | --host [hostname|ip]
Set remote hostname (default: 'www.ptb.de')

-n | --dont-set-clock
Do not set the system clock to the time of the remote server

-p | --port [port]
Set remote port (default: '443')

-P | --protocol [sslv23|sslv3|tlsv1]
Set protocol to use when communicating with server (default: 'tlsv1')

-C | --certdir [dirname]
Set the local directory where certificates are located (default: '/etc/ssl/certs')
This allows for certificate or certificate authority (CA) pinning. To ensure that
signatures are only valid if they are signed by a specific CA or certificate, set
the path to a directory containing only the desired certificates.

-x | --proxy [proxy-type://proxyhost:proxyport]
The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed:

http://127.0.0.1:8118
socks4a://127.0.0.1:9050
socks5://127.0.0.1:9050

The proxy support should not leak DNS requests and is suitable for use with Tor.

-v | --verbose
Provide verbose output

-V | --showtime [human|raw]
Show the time retrieved from the remote server in a human-readable format or as a
raw time_t.

-t | --timewarp
If the local clock is before RECENT_COMPILE_DATE; we set the clock to the
RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we leave the
clock alone. Clock setting is performed as the first operation and will impact
certificate verification. Specifically, this option is helpful if on first boot,
the local system clock is set back to the era of Disco and Terrible Hair. This
should ensure that X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are
not encountered because of a broken RTC or the lack of a local RTC; we assume that
tlsdate is recompiled yearly and that all certificates are otherwise considered
valid.

-l | --leap
Normally, the passing of time or time yet to come ensures that SSL verify functions
will fail to validate certificates. Commonly, X509_V_ERR_CERT_NOT_YET_VALID and
X509_V_ERR_CERT_HAS_EXPIRED are painfully annoying but still very important error
states. When the only issue with the certificates in question is the timing
information, this option allows you to trust the remote system's time, as long as
it is after RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will
only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or
X509_V_OKX509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The SSL
verify function will not return X509_V_OK if there are any other issues, such as
self-signed certificates or if the user pins to a CA that is not used by the remote
server. This is useful if your RTC is broken on boot and you are unable to use
DNSEC until you've at least had some kind of leap of cryptographically assured
data.

-w | --http
Run in web mode: look for the time in an HTTP "Date" header inside an HTTPS
connection, rather than in the TLS connection itself. The provided hostname and
port must support HTTPS.

Use tlsdate online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    GenX
    GenX
    GenX is a scientific program to refine
    x-ray refelcetivity, neutron
    reflectivity and surface x-ray
    diffraction data using the differential
    evolution algorithm....
    Download GenX
  • 2
    pspp4windows
    pspp4windows
    PSPP is a program for statistical
    analysis of sampled data. It is a free
    replacement for the proprietary program
    SPSS. PSPP has both text-based and
    graphical us...
    Download pspp4windows
  • 3
    Git Extensions
    Git Extensions
    Git Extensions is a standalone UI tool
    for managing Git repositories. It also
    integrates with Windows Explorer and
    Microsoft Visual Studio
    (2015/2017/2019). Th...
    Download Git Extensions
  • 4
    eSpeak: speech synthesis
    eSpeak: speech synthesis
    Text to Speech engine for English and
    many other languages. Compact size with
    clear but artificial pronunciation.
    Available as a command-line program with
    many ...
    Download eSpeak: speech synthesis
  • 5
    Sky Chart / Cartes du Ciel
    Sky Chart / Cartes du Ciel
    SkyChart is a software to draw chart of
    the night sky for the amateur astronomer
    from a bunch of stars and nebulae
    catalogs. See main web page for full
    download...
    Download Sky Chart / Cartes du Ciel
  • 6
    GSmartControl
    GSmartControl
    GSmartControl is a graphical user
    interface for smartctl. It allows you to
    inspect the hard disk and solid-state
    drive SMART data to determine its
    health, as w...
    Download GSmartControl
  • More »

Linux commands

  • 1
    abc2abc
    abc2abc
    abc2abc - a simple abc
    checker/re-formatter/transposer ...
    Run abc2abc
  • 2
    abc2ly
    abc2ly
    abc2ly - manual page for abc2ly
    (LilyPond) 2.18.2 ...
    Run abc2ly
  • 3
    coqmktop
    coqmktop
    coqmktop - The Coq Proof Assistant
    user-tactics linker ...
    Run coqmktop
  • 4
    coqtop
    coqtop
    coqtop - The Coq Proof Assistant
    toplevel system ...
    Run coqtop
  • 5
    g.copygrass
    g.copygrass
    g.copy - Copies available data files in
    the current mapset search path to the
    user�s current mapset. KEYWORDS:
    general, map management ...
    Run g.copygrass
  • 6
    g.dirsepsgrass
    g.dirsepsgrass
    g.dirseps - Internal GRASS utility for
    converting directory separator
    characters. Converts any directory
    separator characters in the input string
    to or from na...
    Run g.dirsepsgrass
  • More »

Ad